So that we can provide this service free of charge, we will share the information that you enter here with the organisations whose content you download from this website. We will also update you on what’s new from Tech&Learning UK with our newsletters. See our privacy policy and cookie policy pages for more information.

With the average cyber criminal aged just 17, robust cyber security is increasingly essential for the UK education sector. Over the course of 2015, the UK’s National Crime Agency National Cyber Crime Unit found the average age of suspects to be 17. While this has since informed a number of public campaigns with the aim of discouraging young people from becoming involved cybercrime operations, this news is a wake up call for UK schools, colleges and universities.

While cyber security should have already represented a priority for any educational institution, with this news, educational organisations need to protect their networks more than ever before, particularly from insider threats.

State of the art

As in many industries, due to its sheer nature, the education sector requires the adoption of state of the art technology. In terms of the number of users connecting to networks, educational institutions can behave as small and medium sized enterprises (SMES), and even as company level carriers, especially in higher education.

The number of access points to their networks also grows day by day, including everything from wireless access points for students to sale terminals. Add to this the fact that cyber criminals are increasingly targeting schools and universities for identity theft, and you’ve got a melting pot of threats coming at educational institutions from every angle, both from inside and outside.

The education sector has compelling information for groups who profit through data theft. Today, it occupies third place in the world in terms of the number of computer security incidents, just below the health industry and the retail sector.

Hive of data

Here’s a rundown of the top information being stolen in order, which may surprise you: Identity theft; Personal data of students; Personal data of teachers and workers; Financial information; Data from educational institutions’ suppliers; Plagiarism of projects and research; Alteration of contents of the course; Distribution of malicious content; Unauthorised changes; Alteration of qualifications; Destruction of databases; Financial benefits through the kidnapping of computers (ransomware).

What we’ve observed recently is an increase in hacking and malware infections, representing 35% of cyber security incidents in 2015. This is often carried out through spear phishing, where hackers send customised emails. This attack is particular effective in education organisations due to the relatively open nature of the college and university campuses, the widespread use of social networks by students and the lack of restrictive controls.

It’s fair to say that the education sector relies heavily upon the comprehensive protection of its networks against data leaks and cyber threats in order to preserve the privacy of its staff and students as well as its reputation.

And any successful attacks have dire consequences; Ponemon’s report revealed that on average, an attack in the education sector costs $300 per person or record stolen [Ponemon Institute, 2015]. That’s a hefty amount to spend after an attack in a sector that’s trying to cut costs and squeeze budgets where possible.